A team of researchers from Tel Aviv University has been analyzing sound recordings made close to computers, and discovered that they can recover, bit by bit, private RSA keys. So how did they do it?

First, they identified that the sounds made by the computers they were recording revealed which processor instructions were running, reports Naked Security. As a result, they were able to tell if the computer was adding or multiplying, which further allowed them to determine if one of a number of RSA keys was being used, just by listening in to the encryption of a fixed message using each key in turn.

The authors ultimately went much further, contriving a way in which a particular email client, bombarded with thousands of carefully crafted encrypted messages, might end up leaking its entire RSA private key, one bit at a time.

Oh. Dear. Effectively, it's an exploit of an RSA quirk, which allows you to multiply a random number into the input before encryption then divide it out after decryption without affecting the result. That allows an attacker to add in a known quantity before encryption and remove it neatly afterwards—the only way to actually get anywhere with such an attack.
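The multiply-in, divide-out property described above, as an added example (not code from the article, the researchers or GnuPG): textbook RSA with a constructed toy key, showing that the same property lets an implementation randomize the value its private-key exponentiation works on, a technique usually called blinding. The key, the sample messages and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed toy key: textbook RSA (no padding) built from two Mersenne primes.
# Real keys are 2048+ bits and are always used with padding.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def encrypt(m):
    return pow(m, E, N)


def decrypt_plain(c):
    """Private-key exponentiation runs directly on the sender-supplied value."""
    return pow(c, D, N)


def decrypt_blinded(c):
    """Return (plaintext, value the private-key exponentiation actually saw)."""
    while True:
        r = secrets.randbelow(N - 2) + 2   # fresh random factor for every call
        if math.gcd(r, N) == 1:            # r must be invertible mod N
            break
    blinded = (c * pow(r, E, N)) % N       # multiply r in: this decrypts to m*r
    m_times_r = pow(blinded, D, N)         # the secret-dependent computation
    m = (m_times_r * pow(r, -1, N)) % N    # divide r back out
    return m, blinded


def demo():
    m1, m2 = 424242, 1337                  # constructed sample messages
    c1, c2 = encrypt(m1), encrypt(m2)
    m, seen = decrypt_blinded(c1)
    return {
        "multiplicative": (c1 * c2) % N == encrypt((m1 * m2) % N),
        "plain_ok": decrypt_plain(c1) == m1,
        "blinded_ok": m == m1,
        "input_randomized": seen != c1,
    }


if __name__ == "__main__":
    print(demo())
```

With blinding, the number fed to the private-key operation changes on every call even when the same ciphertext is submitted repeatedly, so the computation no longer tracks the value the sender chose.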

Admittedly, there's a rather large caveat here: it only works with GnuPG 1.4.x RSA encryption software, which is out of date, though that's not to say it's not sat on hundreds of thousands of computers still. So, an avoidable hack—but an utterly fascinating one, too. [Tel Aviv University via Naked Security]